What parts of JavaScript code do I have to escape inside a script element in an HTML page? Is <>& enough or too much?
[EDIT] This is related to this bug: http://code.google.com/p/rendersnake/issues/detail?id=15#c6 comment #6
In HTML (and XHTML if you’re an evil person that sends your XHTML pages as text/html), script tags are #CDATA, and therefore, the only thing that you shouldn’t have in the content is </script>, as that is all that the parser looks for to signal the end of the tag. Don’t escape anything; just make sure you don’t have </script> in the tag content. For example, if you have a string with a closing script tag, split it up:

In XHTML, sent as application/xhtml+xml, script tags are #PCDATA, and therefore, escaping < and & is necessary, unless you can use a <![CDATA[ ... ]]> block to change to #CDATA parsing mode, but in that case, remember that you can’t have ]]> in your tag content.
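
The rules in the answer above, as an added example that is not part of the original answer: one helper per parsing mode for embedding data or code in an inline script element. It goes slightly beyond the answer by escaping every < in JSON output rather than only the closing script tag; all function names and sample inputs are illustrative and constructed for this example.

```javascript
// Added example; function names are illustrative, not from any library.

// text/html: script content ends at the first "</script" (any letter case)
// followed by whitespace, "/" or ">".
function endsHtmlScript(content) {
  return /<\/script[\t\n\f\r \/>]/i.test(content);
}

// text/html: in JSON output "<" can only occur inside string literals, where
// \u003c is an equivalent spelling, so no "</script" survives.
function jsonForHtmlScript(value) {
  return JSON.stringify(value).replace(/</g, "\\u003c");
}

// application/xhtml+xml, #PCDATA: escape & first, then < (and > so that "]]>"
// never appears in content). The XML parser decodes these before the script runs.
function pcdataForXhtmlScript(js) {
  return js.replace(/&/g, "&amp;").replace(/</g, "&lt;").replace(/>/g, "&gt;");
}

// application/xhtml+xml, CDATA: close and reopen the section inside every "]]>"
// so the XML parser concatenates the pieces back into the original text.
function cdataForXhtmlScript(js) {
  return "<![CDATA[" + js.split("]]>").join("]]]]><![CDATA[>") + "]]>";
}

// Check helper: the text an XML parser would hand to the script engine for
// content that consists only of CDATA sections.
function textOfCdata(xml) {
  return xml.replace(/<!\[CDATA\[([\s\S]*?)\]\]>/g, (_, text) => text);
}

// Constructed sample inputs.
const sample = { note: "closing tag </SCRIPT > inside data" };
const code = "if (a[b[0]]>c && d<e) run();";

console.log(endsHtmlScript(JSON.stringify(sample))); // plain JSON.stringify output
console.log(jsonForHtmlScript(sample));
console.log(pcdataForXhtmlScript(code));
console.log(cdataForXhtmlScript(code));
```
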